- Routing and Switching Network Engineer
- SNRS - Securing Networks with Cisco Routers & Switches v3.0
Discover advanced concepts in IOS router & switch security in this course that starts where IINS v1.0, core training for the CCNA Security Associate certification, stops. In SNRS v3.0, a component in the Cisco Certified Security Professional cert....
- Course Outline
Discover advanced concepts in IOS router and switch security in this course that starts where IINS v1.0, core training for the CCNA Security Associate certification, stops. In SNRS v3.0, a component in the Cisco Certified Security Professional certification, you will take your IOS router and switch security skills to the professional level.
You’ll cover switch topics, including advanced Layer 2 security and Identity-Based Networking Services (IBNS) based on IEEE 802.1x, and you’ll cover router topics, including network platform security, VPN, firewall, and IPS. Learn how to secure a router’s control plane, data plane, and management plane. You will spend a large portion of the class covering advanced VPN topics, including using digital certificates for VPN authentication, GRE over IPsec, Dynamic Virtual Trunk Interfaces, Dynamic Multipoint VPN (DMVPN), Group Encryption Transport VPN (GET VPN), remote access IPsec VPN with the Easy VPN Server, Cisco VPN Client and Easy VPN Remote (hardware client), and SSL VPN. Examine both the newer Zone-Based Policy Firewall (ZFW) as well as the traditional Context-Based Access Control (now referred to as IOS Classic Firewall). You’ll cover advanced IPS topics as well, including event action overrides, event action filters, signature tuning, and custom signature creation.
E-Labs Included for Post-Class Lab Practice
Following classroom instruction, you will receive 5 e-Lab credits for post-class lab practice, allowing you to hone your skills using the same hands-on lab equipment you used in the classroom.
Who Should Attend · Internetwork professionals who want to ensure security of their network using IOS devices that are already common in their network
· Internetwork professionals who seek Cisco Certified Security Professional (CCSP) certification
What you'll Learn · Layer 2 Security: Attack methods and techniques to mitigate the attacks
· Identity Based Networking Services: 802.1x authentication and authorization with Cisco switches
· Network Foundation Protection: Secure an IOS router’s control plane, management plane, and data plane
· VPN Connectivity:
- IPsec overview
- Site-to-site IPsec VPN using public key infrastructure and digital certificates for authentication
- Virtual tunnel interfaces
- GRE over IPsec
- High-availability VPN options
- Dynamic Multipoint VPN
- Group Encryption Transport VPN
- Cisco IOS SSL VPN (WebVPN)
- Easy VPN Server, Remote, and Client for Remote Access IPsec VPN
· Protect your network with Cisco IOS Classic Firewall and Cisco IOS Zone-Based Policy Firewall
· Defend against threats on your network using IOS Intrusion Prevention Systems
This course is recommended for the following certifications:
This course prepares you for Cisco Exam 642-504 SNRS
Course Outline 1. Network Platform Security with Switches
· Configuring Advanced Layer 2 Security
· Introducing Cisco IBNS
· Implementing Basic 802.1x Authentication
· Configuring Advanced 802.1x Authentication and Authorization
2. Network Platform Security with Routers
· Examining the Cisco Network Foundation Protection Strategy
· Securing the Control Plane
· Securing the Management Plane
· Securing the Data Plane
3. Secure Site-to-Site Communications
· Examining VPN and IPsec Fundamentals
· Implementing IPsec VPNs with PKI
· Implementing GRE over IPsec
· Configuring High-Availability VPNs and VTI
· Implementing DMVPN
· Implementing GET VPN
4. Secure Remote Access Communications
· Implementing Cisco IOS Remote Access using Cisco Easy VPN
· Examining a Cisco IOS SSL VPN
5. Threat Control and Containment
· Configuring NAT and PAT
· Configuring a Cisco IOS Classic Firewall
· Configuring a Cisco IOS Zone-Based Policy Firewall
· Configuring Cisco IOS IPS
We have enhanced our SNRS v3.0 hands-on labs beyond what you'll find in a standard Cisco SNRS v3.0 course, providing more realistic and robust scenarios. The root of our enhancements lies in the topology that we provide. The standard Cisco SNRS v3.0 labs provide a very simple topology based on the ICND topology that includes a single switch and a single router per pod with two PC instances – a setup that works well for covering associate-level routing and switching concepts. The motivation for Cisco’s topology is compatibility with their standard IINS and ICND topologies.
More appropriate for professional-level security training, our SNRS v3.0 topology combines our standard FSA topology with a router supplement. Each SNRS v3.0 pod has four routers, two switches, and ten PC instances. The topology provides a main site with an internal network with multiple subnets and a DMZ for public services, along with two remote site networks and a simulated Internet. PC systems are strategically placed in the topology, and services such as DNS, SMTP, FTP and HTTP are configured realistically.
GUI vs. CLI
While standard SNRS training has moved away from a command-line interface (CLI) focus towards a graphical user interface (GUI) focus, our Security labs include both. Many of the operations in our labs are performed from the Security Device Manager GUI, and you will use the Command Preview and document all commands that are delivered by the GUI. Our enhanced topology allows our labs to include configuring the routers at both sides of VPN tunnels. Generally, you will configure one peer via the GUI and the other peer via the CLI. At the end of each lab, you’ll receive the complete configuration with the relevant commands highlighted, providing a handy tool for lab verification and for long-term reference.
Pros and cons exist for both the GUI and the CLI. In today’s world, engineers must have experience with both interfaces, and ours is the only lab environment where you’ll find them.
Lab 1: Advanced Layer 2 Security
Lab 2: Layer 2 AAA with 802.1x
Lab 3: Cisco Network Foundation Protection
Lab 4: Site-To-Site VPN with PKI
Lab 5: IPsec Redundancy using GRE
Lab 6: DMVPN
Lab 7: GET VPN
Lab 8: Cisco Easy VPN
Lab 9: IOS SSL VPN
Lab 10: IOS Classic Firewall
Lab 11: IOS Zone-Based Policy Firewall
Lab 12: IOS IPS
- Prerequisites & Certificates
∑ ICND1 ∑ ICND2 ∑ IINS Follow-On Courses: ∑ SNAF ∑ IPS
- Cancellation Policy
We require 16 calendar days notice to reschedule or cancel any registration. Failure to provide the required notification will result in 100% charge of the course. If a student does not attend a scheduled course without prior notification it will result in full forfeiture of the funds and no reschedule will be allowed. Within the required notification period, only student substitutions will be permitted.
Reschedules are permitted at anytime with 16 or more calendar days notice. Enrollments must be rescheduled within six months of the cancel date or funds on account will be forfeited.
- Map & Reviews
[ View Provider's Profile ]
ReviewsHere are some reviews of the training vendor.
This course has not yet been rated by one of our members.
If you have taken a course through this vendor please log into your account and leave feedback for this vendor. You will be helping ensure our members get directed to the best training facilities.
This course currently does not have any dates scheduled. Please call 1-877-313-8881 to enquire about future dates or scheduling a private, in house course for your team.
This page has been viewed 308 times.